Knowledge is the best attack deterrent, so check out our cyber security updates
24By7Security, Inc.

Healthcare Cybersecurity Biweekly Newsletter - May 10th, 2017

Cyber Insurance 101

Healthcare organizations are increasingly adopting electronic systems for their day-to-day work and frequently transmit protected data to other locations. This, coupled with the high value of the data handled, increases their exposure to cyber attacks. Specifically, patients' protected health information (PHI) fetches large sums of money on the black market. A cyber attack can lead to loss of systems and information, disruption of procedures, and serious reputational risk. As the risk of cyber attack keeps growing, so does the need for organizations to take out insurance cover against their cyber risks.


Doctor Gets Jail Time for HIPAA Violation

One doctor, a surgeon, was given notice of termination by his employer. In the meantime, he started looking at patient records for entertainment. The day he was notified of his termination, he accessed one record. Over the next few weeks, he browsed the medical records of many of his colleagues. He never shared the information he saw in the records with anyone, including his wife.

But he violated HIPAA, as he had illegally accessed patient records over 300 times. He was not treating any of those patients, and in a few instances he looked at the records after he was no longer working at the health system! In this case, the doctor's employer faced civil HIPAA violations due to its employee's actions. The health system ended up paying over $800,000 in civil fines related to this case. The doctor faced a fine of up to $50,000 and a year in jail. This case illustrates two points: 1) a person can get jail time for a HIPAA violation (even a misdemeanor violation), and 2) ignorance of the law does not protect you. Criminal penalties for HIPAA violations are rare, but can be severe.


Greenway Health still struggling with ransomware attack

Florida-based practice management software and EHR vendor Greenway Health experienced a ransomware attack, and approximately 400 healthcare organizations were affected. Clients were forced to resort to using pen and paper while Greenway Health worked to restore its system. Fortunately, all client data were backed up and could be recovered. EHR vendors typically have highly advanced cybersecurity protections in place, but this incident shows that no company is immune to attack. The ransomware attack should serve as a warning for all healthcare providers that use cloud-based EHR systems. Access to ePHI may be lost, so it is essential that providers develop contingency plans to ensure that a cyberattack on their EHR vendor does not significantly impact healthcare operations.


2017 OCR HIPAA Settlements Focus on Risk Analyses, Safeguards

Maintaining PHI security must remain a top priority for covered entities and business associates year-round. Lackluster safeguards and irregular risk analyses can lead to potential data security issues, and even an OCR HIPAA settlement. With four months of 2017 almost complete, there have been five settlements announced. Insufficient audit controls, a failure to send out timely notification, and overall weak ePHI security have all been underlined as key issues by OCR.

  1. Metro Community Provider Network (MCPN) failed to conduct a risk analysis - settlement $400,000.
  2. Memorial Healthcare Systems (MHS) lacked audit controls - settlement $5.5 million. Highest so far this year!!
  3. Children’s Medical Center of Dallas failed to implement risk management plans - settlement $3.2 million.
  4. MAPFRE Life Insurance Company of Puerto Rico (MAPFRE) settled on allegations of a lack of ePHI safeguards - settlement $2.2 million.
  5. Presence Health was cited for a delayed notification process - settlement $475,000.

Upcoming Events!

HackMiamiCon5 Security Conference - May 19 - 21, 2017

Michael Brown of 24By7Security, Inc. will be speaking at the HackMiami Security Conference at the Deauville Miami Beach Resort, Miami Beach, Florida.


ITGIG Conference - May 19, 2017

ITGIG Conference, the premier ISACA SF and IIA WPB Chapter conference for SF IT executives in the public sector, will provide opportunities for IT leaders to share their experiences. 24By7Security is pleased to support this event.


ISSA 2017 International Conference - Oct 9 - 11, 2017

Michael Brown of 24By7Security, Inc. will be speaking on Cyber Resilience at the ISSA 2017 International Conference being hosted at the Sheraton Hotel and Marina in San Diego, California.


Data Connectors Fort Lauderdale Tech-Security Conference - Dec 14, 2017

24By7Security is pleased to sponsor the Data Connectors Fort Lauderdale Tech-Security Conference at Fort Lauderdale, Florida.



About us

24By7Security, Inc. is a full service Cybersecurity strategy, implementation, operations and training firm.  We provide Cybersecurity and compliance related services across all functions of the enterprise. Our services include CFPB/DFA, FIPA, FERPA, GLBA, HIPAA, PCI, SOX, and others.


24By7Security, Inc.

4613 N. University Drive, Suite #267

Coral Springs, Fl - 33067

(844) 55-CYBER